Automatic shutdown of infected network connections
Chris Lewis
clewis at nortelnetworks.com
Wed Sep 3 19:01:06 UTC 2003
Sean Donelan wrote:
> How many ISPs disconnect infected computers from the network? Do you
> leave them connected because they are paying customers, and how else
> could they download the patch from microsoft?
As an aside:
As a corporation (no customers per-se), we disconnect infected computers
_completely_ (via remote router/switch control tools). We can do it
automatically (via various detectors), but usually do it manually.
This is primarily to maintain service levels with non-infected stuff.
Fixing the computer is usually done by support staff. Via CD if it's
unsafe to reconnect the machine to the net.
If we get infested bad enough, we block the attack ports
subnet-by-subnet as necessary until we've sterilized the subnet.
More information about the NANOG
mailing list